Postfix TLS and Security

So I'm using Gmail as my email relay with Postfix and unfortunately it seems to have opened a large security hole for my server to be used for spam. To alleviate this I decided to use smtp_tls_security_level at the fingerprint level. I added in Gmail's SHA-1 key and I have no error in the logs, but I can't send mail. I seem to be able to receive it, but not send. Here's the output of my main.cf. (sorry for the length of it)

So I'm using Gmail as my email relay with Postfix and unfortunately it seems to have opened a large security hole for my server to be used for spam.

Why do you think that? Have you tested your server with an external mail relay check tool? Postfix setups are secure by default after you installed ISPConfig, so adding smtp_fingerprinting is not needed.

To answer your question, yes actually I did check it with some standard security software I use to test common vulnerabilities. When I run my scan it turns up that my SMTP is configured as a relay, which I assumed was because I'm using Gmail to relay my mail. Once I enabled the fingerprint setting, however, the issue disappeared. I'm gathering that it's because it was not able to escalate privileges because there was that security enabled.

How did you test? I guess you tested from the local server which explains the wrong result. A mail server always allows relaying from localhost, otherwise local shell and web scripts would not work. This does not mean that any third party can relay emails through your server. Better use this for testing:

I actually tested from an outside machine to the outside IP address and received the results. When I tested from inside my network it did not return that it was running as a relay.

However, after running your test it appears that it is not acting as a relay. I'll have to find another way to test it to totally confirm that either test is correct now that I have two different results, but I'm glad you helped to shed a bit of light onto the subject.
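
An external relay check of the kind discussed in this thread, as an added example that is not part of any poster's message: it runs the SMTP envelope exchange against your own server and classifies the reply to RCPT TO. The addresses and the names `probe_relay` and `classify` are assumptions made for the illustration.

```python
import smtplib
import sys

# Reserved example domains (RFC 2606): neither is hosted by the server under
# test, so accepting this sender/recipient pair means relaying for third parties.
SENDER = "relaytest@example.org"
RECIPIENT = "relaytest@example.net"


def classify(code):
    """Map an SMTP reply code from the envelope exchange to a verdict."""
    if 200 <= code < 300:
        return "OPEN RELAY"      # server accepted a foreign recipient
    if 400 <= code < 500:
        return "INCONCLUSIVE"    # temporary failure or greylisting; retry later
    return "relay denied"        # 5xx, e.g. Postfix "554 5.7.1 Relay access denied"


def _text(reply):
    # smtplib returns reply text as bytes
    return reply.decode("ascii", "replace") if isinstance(reply, bytes) else str(reply)


def probe_relay(smtp, sender=SENDER, recipient=RECIPIENT):
    """Run MAIL FROM / RCPT TO on a connected smtplib.SMTP-like object.

    No DATA command is sent, so no message is ever queued or delivered.
    Returns (verdict, reply_code, reply_text).
    """
    smtp.ehlo()
    code, reply = smtp.mail(sender)
    if not 200 <= code < 300:
        # Sender already refused: nothing was accepted for relaying.
        return classify(code), code, _text(reply)
    code, reply = smtp.rcpt(recipient)
    smtp.rset()  # abandon the transaction
    return classify(code), code, _text(reply)


if __name__ == "__main__":
    # Usage: python3 relay_probe.py <public address of your own mail server>
    # Run it from a host that is NOT localhost and NOT listed in mynetworks,
    # otherwise Postfix will accept the recipient and the result is misleading.
    with smtplib.SMTP(sys.argv[1], 25, timeout=15) as conn:
        print(*probe_relay(conn))
```

A "relay denied" verdict from an outside host is the result that matters; the same probe run from the server itself or from a trusted network is expected to report acceptance.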